Dovecot
This article describes how to set up a mail server suitable for personal or small office use.
Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind. Developed by Timo Sirainen, Dovecot was first released in July 2002. Dovecot primarily aims to be a lightweight, fast and easy to set up open source mailserver. For more detailed information, please see the official Dovecot Wiki.
Installation
Configuration
Assumptions
- Each mail account served by Dovecot has a local user account defined on the server.
- The server uses PAM to authenticate the user against the local user database (/etc/passwd).
- SSL is used to encrypt the authentication password.
- The common Maildir format is used to store the mail in the user's home directory.
- An MDA has already been set up to deliver mail to the local users.
Create the SSL certificate
The dovecot package contains a script to generate the server SSL certificate.
- Copy the configuration file from the sample file:
# cp /etc/ssl/dovecot-openssl.cnf{.sample,}
- Edit /etc/ssl/dovecot-openssl.cnf to configure the certificate.
- Execute the following to generate the certificate:
# /usr/lib/dovecot/mkcert.sh
The certificate/key pair is created as /etc/ssl/certs/dovecot.pem and /etc/ssl/private/dovecot.pem.
Run the following whenever you have changed your certificate:
# cp /etc/ssl/certs/dovecot.pem /etc/ca-certificates/trust-source/anchors/dovecot.crt
# trust extract-compat
Dovecot configuration
- Copy the dovecot.conf and conf.d/* configuration files from /usr/share/doc/dovecot/example-config to /etc/dovecot:
# cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot
# cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
The default configuration is ok for most systems, but make sure to read through the configuration files to see what options are available. See the quick configuration guide and dovecot configuration for more instructions.
By default dovecot will try to detect what mail storage system is in use on the system. To use the Maildir format, edit /etc/dovecot/conf.d/10-mail.conf to set mail_location = maildir:~/Maildir.
PAM Authentication
- To configure PAM for dovecot, create /etc/pam.d/dovecot with the following content:
/etc/pam.d/dovecot
auth required pam_unix.so nullok
account required pam_unix.so
PAM Authentication with LDAP
- If you are using an OpenLDAP server for authentication instead, first make sure you can log in with your LDAP users, as described in LDAP authentication.
You can then write the following in /etc/pam.d/dovecot, remembering that the order of the entries is very important:
/etc/pam.d/dovecot
auth sufficient pam_ldap.so
auth required pam_unix.so nullok
account sufficient pam_ldap.so
account required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022
session sufficient pam_ldap.so
In this way both LDAP and system users have their mailbox.
- Change the name of the following file so it can be read by dovecot:
# mv /etc/dovecot/conf.d/auth-system.conf{.ext,}
- Edit /etc/dovecot/conf.d/auth-system.conf by changing the passdb directive, like this:
passdb {
  driver = pam
  args = session=yes dovecot
}
By using the pam_mkhomedir.so module and by adding the session part in the passdb directive, the corresponding home directory is automatically created when an LDAP user logs in for the first time.
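The entry order in /etc/pam.d/dovecot matters because a failed "required" module fails the stack even if a later "sufficient" module succeeds, so an LDAP-only user is rejected when pam_unix.so is evaluated first. The following is an added example, not part of the original article, that checks this order; the function names check_pam_order and write_samples and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): verify module order in a PAM
# service file. check_pam_order and write_samples are hypothetical names.

# Return 0 when, in both the auth and account stacks, a
# "sufficient pam_ldap.so" line precedes the "required pam_unix.so" line.
check_pam_order() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # skip comments, blank lines
        $1 != "auth" && $1 != "account" { next }     # session lines not checked
        $3 == "pam_ldap.so" && $2 == "sufficient" && !($1 in unix) { ldap[$1] = NR }
        $3 == "pam_unix.so" && $2 == "required" && !($1 in unix) { unix[$1] = NR }
        END {
            n = split("auth account", types, " ")
            for (i = 1; i <= n; i++)
                if (!(types[i] in ldap) || !(types[i] in unix)) {
                    print types[i] ": need sufficient pam_ldap.so before required pam_unix.so"
                    bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}

# Write two constructed sample files into directory $1.
write_samples() {
    cat > "$1/good" <<'EOF'
auth      sufficient  pam_ldap.so
auth      required    pam_unix.so nullok
account   sufficient  pam_ldap.so
account   required    pam_unix.so
session   required    pam_mkhomedir.so skel=/etc/skel umask=0022
session   sufficient  pam_ldap.so
EOF
    # Same modules, but pam_unix.so is evaluated first in the auth stack.
    cat > "$1/bad" <<'EOF'
auth      required    pam_unix.so nullok
auth      sufficient  pam_ldap.so
account   sufficient  pam_ldap.so
account   required    pam_unix.so
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_pam_order "$tmp/good" && echo "good: order ok"
check_pam_order "$tmp/bad" || echo "bad: order rejected"
rm -rf "$tmp"
```

To check the live file, call check_pam_order /etc/pam.d/dovecot after editing it.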
Sieve
Sieve is a programming language that can be used to create filters for email on a mail server.
- Install pigeonhole.
- Add "sieve" to "protocols" in dovecot.conf (and the lines from the next points)
protocols = imap pop3 sieve
- Add a minimal 80-sieve.conf in /etc/dovecot/conf.d/:
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service managesieve {
}
protocol sieve {
}
- Add "sieve" as "mail_plugins" in the "protocol lda" section of /etc/dovecot/conf.d/15-lda.conf:
protocol lda {
  mail_plugins = sieve
}
- Specify the sieve storage location in the "plugin" section of /etc/dovecot/conf.d/90-plugin.conf:
plugin {
  sieve=/var/mail/%u/dovecot.sieve
  sieve_dir=/var/mail/%u/sieve
}
- Ensure that your MTA uses dovecot for delivery. For example, in postfix's main.cf with dovecot-lda:
mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
Starting the server
Use the standard systemd syntax to control the dovecot.service daemon.
Tricks
Generate hashes with non-default hash functions.
doveadm pw -s SHA512-CRYPT -p "superpassword"
Remember to make sure that the column in the database is large enough (you might not get a warning).
Remember to set the password scheme in your dovecot-sql.conf file:
default_pass_scheme = SHA512-CRYPT